<?php

class usercontrol extends base
{
    public function __construct()
    {
        $this->usercontrol();
    }
    public function usercontrol()
    {
        parent::__construct();
        $this->load('user');
        $this->app = $this->cache['apps'][UC_APPID];
    }
    public function onsynlogin()
    {
        $this->init_input();
        $uid = $this->input('uid');
        if ($this->app['synlogin']) {
            if ($this->user = $_ENV['user']->get_user_by_uid($uid)) {
                $synstr = '';
                foreach ($this->cache['apps'] as $appid => $app) {
                    if ($app['synlogin'] && $app['appid'] != $this->app['appid']) {
                        $synstr .= '<script type="text/javascript" src="' . $app['url'] . '/api/uc.php?time=' . $this->time . '&code=' . urlencode($this->authcode('action=synlogin&username=' . $this->user['username'] . '&uid=' . $this->user['uid'] . '&password=' . $this->user['password'] . '&time=' . $this->time, 'ENCODE', $app['authkey'])) . '"></script>';
                    }
                }
                return $synstr;
            }
        }
        return '';
    }
    public function onsynlogout()
    {
        $this->init_input();
        if ($this->app['synlogin']) {
            $synstr = '';
            foreach ($this->cache['apps'] as $appid => $app) {
                if ($app['synlogin'] && $app['appid'] != $this->app['appid']) {
                    $synstr .= '<script type="text/javascript" src="' . $app['url'] . '/api/uc.php?time=' . $this->time . '&code=' . urlencode($this->authcode('action=synlogout&time=' . $this->time, 'ENCODE', $app['authkey'])) . '"></script>';
                }
            }
            return $synstr;
        }
        return '';
    }
    public function onregister()
    {
        $this->init_input();
        $username = $this->input('username');
        $password = $this->input('password');
        $email = $this->input('email');
        $questionid = $this->input('questionid');
        $answer = $this->input('answer');
        $regip = $this->input('regip');
        if (($status = $this->_check_username($username)) < 0) {
            return $status;
        }
        if (($status = $this->_check_email($email)) < 0) {
            return $status;
        }
        $uid = $_ENV['user']->add_user($username, $password, $email, 0, $questionid, $answer, $regip);
        return $uid;
    }
    public function onedit()
    {
        $this->init_input();
        $username = $this->input('username');
        $oldpw = $this->input('oldpw');
        $newpw = $this->input('newpw');
        $email = $this->input('email');
        $ignoreoldpw = $this->input('ignoreoldpw');
        $questionid = $this->input('questionid');
        $answer = $this->input('answer');
        if (!$ignoreoldpw && $email && ($status = $this->_check_email($email, $username)) < 0) {
            return $status;
        }
        $status = $_ENV['user']->edit_user($username, $oldpw, $newpw, $email, $ignoreoldpw, $questionid, $answer);
        if ($newpw && 0 < $status) {
            $this->load('note');
            $_ENV['note']->add('updatepw', 'username=' . urlencode($username) . '&password=');
            $_ENV['note']->send();
        }
        return $status;
    }
    public function onlogin()
    {
        $this->init_input();
        $isuid = $this->input('isuid');
        $username = $this->input('username');
        $password = $this->input('password');
        $checkques = $this->input('checkques');
        $questionid = $this->input('questionid');
        $answer = $this->input('answer');
        if ($isuid == 1) {
            $user = $_ENV['user']->get_user_by_uid($username);
        } else {
            if ($isuid == 2) {
                $user = $_ENV['user']->get_user_by_email($username);
            } else {
                $user = $_ENV['user']->get_user_by_username($username);
            }
        }
        $passwordmd5 = preg_match('/^\\w{32}$/', $password) ? $password : md5($password);
        if (empty($user)) {
            $status = -1;
        } else {
            if ($user['password'] != md5($passwordmd5 . $user['salt'])) {
                $status = -2;
            } else {
                if ($checkques && $user['secques'] != '' && $user['secques'] != $_ENV['user']->quescrypt($questionid, $answer)) {
                    $status = -3;
                } else {
                    $status = $user['uid'];
                }
            }
        }
        $merge = $status != -1 && !$isuid && $_ENV['user']->check_mergeuser($username) ? 1 : 0;
        return array($status, $user['username'], $password, $user['email'], $merge);
    }
    public function oncheck_email()
    {
        $this->init_input();
        $email = $this->input('email');
        return $this->_check_email($email);
    }
    public function oncheck_username()
    {
        $this->init_input();
        $username = $this->input('username');
        if (($status = $this->_check_username($username)) < 0) {
            return $status;
        } else {
            return 1;
        }
    }
    public function onget_user()
    {
        $this->init_input();
        $username = $this->input('username');
        if (!$this->input('isuid')) {
            $status = $_ENV['user']->get_user_by_username($username);
        } else {
            $status = $_ENV['user']->get_user_by_uid($username);
        }
        if ($status) {
            return array($status['uid'], $status['username'], $status['email']);
        } else {
            return 0;
        }
    }
    public function ongetprotected()
    {
        $protectedmembers = $this->db->fetch_all('SELECT uid,username FROM ' . UC_DBTABLEPRE . 'protectedmembers GROUP BY username');
        return $protectedmembers;
    }
    public function ondelete()
    {
        $this->init_input();
        $uid = $this->input('uid');
        return $_ENV['user']->delete_user($uid);
    }
    public function onaddprotected()
    {
        $this->init_input();
        $username = $this->input('username');
        $admin = $this->input('admin');
        $appid = $this->app['appid'];
        $usernames = (array) $username;
        foreach ($usernames as $username) {
            $user = $_ENV['user']->get_user_by_username($username);
            $uid = $user['uid'];
            $this->db->query('REPLACE INTO ' . UC_DBTABLEPRE . 'protectedmembers SET uid=\'' . $uid . '\', username=\'' . $username . '\', appid=\'' . $appid . '\', dateline=\'' . $this->time . '\', admin=\'' . $admin . '\'', 'SILENT');
        }
        return $this->db->errno() ? -1 : 1;
    }
    public function ondeleteprotected()
    {
        $this->init_input();
        $username = $this->input('username');
        $appid = $this->app['appid'];
        $usernames = (array) $username;
        foreach ($usernames as $username) {
            $this->db->query('DELETE FROM ' . UC_DBTABLEPRE . 'protectedmembers WHERE username=\'' . $username . '\' AND appid=\'' . $appid . '\'');
        }
        return $this->db->errno() ? -1 : 1;
    }
    public function onmerge()
    {
        $this->init_input();
        $oldusername = $this->input('oldusername');
        $newusername = $this->input('newusername');
        $uid = $this->input('uid');
        $password = $this->input('password');
        $email = $this->input('email');
        if (($status = $this->_check_username($newusername)) < 0) {
            return $status;
        }
        $uid = $_ENV['user']->add_user($newusername, $password, $email, $uid);
        $this->db->query('DELETE FROM ' . UC_DBTABLEPRE . 'mergemembers WHERE appid=\'' . $this->app['appid'] . '\' AND username=\'' . $oldusername . '\'');
        return $uid;
    }
    public function onmerge_remove()
    {
        $this->init_input();
        $username = $this->input('username');
        $this->db->query('DELETE FROM ' . UC_DBTABLEPRE . 'mergemembers WHERE appid=\'' . $this->app['appid'] . '\' AND username=\'' . $username . '\'');
        return NULL;
    }
    public function _check_username($username)
    {
        $username = addslashes(trim(stripslashes($username)));
        if (!$_ENV['user']->check_username($username)) {
            return UC_USER_CHECK_USERNAME_FAILED;
        } else {
            if (!$_ENV['user']->check_usernamecensor($username)) {
                return UC_USER_USERNAME_BADWORD;
            } else {
                if ($_ENV['user']->check_usernameexists($username)) {
                    return UC_USER_USERNAME_EXISTS;
                }
            }
        }
        return 1;
    }
    public function _check_email($email, $username = '')
    {
        if (empty($this->settings)) {
            $this->settings = $this->cache('settings');
        }
        if (!$_ENV['user']->check_emailformat($email)) {
            return UC_USER_EMAIL_FORMAT_ILLEGAL;
        } else {
            if (!$_ENV['user']->check_emailaccess($email)) {
                return UC_USER_EMAIL_ACCESS_ILLEGAL;
            } else {
                if (!$this->settings['doublee'] && $_ENV['user']->check_emailexists($email, $username)) {
                    return UC_USER_EMAIL_EXISTS;
                } else {
                    return 1;
                }
            }
        }
    }
    public function onuploadavatar()
    {
    }
    public function onrectavatar()
    {
    }
    public function flashdata_decode($s)
    {
    }
}
!defined('IN_UC') && exit('Access Denied');
define('UC_USER_CHECK_USERNAME_FAILED', -1);
define('UC_USER_USERNAME_BADWORD', -2);
define('UC_USER_USERNAME_EXISTS', -3);
define('UC_USER_EMAIL_FORMAT_ILLEGAL', -4);
define('UC_USER_EMAIL_ACCESS_ILLEGAL', -5);
define('UC_USER_EMAIL_EXISTS', -6);